Setting TrackBack response action
Setting a custom response action
4. In the lower right pane, enter the community string.
5. Click Apply.
6. In Apply Changes To, select the node to which to apply the parameter.
7. Click OK to save the changes to this node and close.
Symantec Network Security provides the TrackBack™ response to track attacks
back to their sources. This capability is especially important for tracking
denial-of-service attacks that must be traced to their source in order to shut
them down most effectively. TrackBack automatically tracks a data stream to its
source within the cluster, or, if the source is outside the cluster, to its entry
point into the cluster. It does this by gathering information from routers or its
own sensor resources. Sensors require interfaces with applied protection policies
to run, as well as sensor parameters for flow statistics.
Setting TrackBack response actions
Symantec Network Security can begin tracking in response to an attack. The
minimum delay between responses is 1 minute.
To enable TrackBack
1. In the Network Security console, click Configuration > Response Rules.
2. In Response Rules, click the Response Action column of a rule.
3. In Configure Response Action, click TrackBack.
4. Provide the following information:
   ■ Maximum number of trackbacks: Enter the number of tracking attempts that you want.
   ■ Delay between trackbacks (mins): Enter the time in minutes that you want Symantec Network Security to wait before making another tracking attempt.
5. In Configure Response Action, click OK to save and exit.
6. In Response Rules, click OK to save and exit.
The Network Security console provides a way to set custom response actions to
launch third-party applications in response to an incident. To do this, a
Responding
Setting response actions